Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set prefix, delimiter params even when empty #282

Merged
merged 1 commit into from
Mar 1, 2019
Merged

Set prefix, delimiter params even when empty #282

merged 1 commit into from
Mar 1, 2019

Conversation

harshavardhana
Copy link
Member

We have never set values which are empty on the request
because they are perhaps not useful in the List query,
but this assumption is wrong when there are restricted
policies for a given user, because empty is actually
a valid value in IAM or Bucket policy conditions.

For example following condition would never work with our
ListObjects call and AWS cli would work fine.

        "Condition": {
            "StringEquals": {
                "s3:prefix": [
                    "",
                    "data/",
                    "data"
                ],
                "s3:delimiter": [
                    "/",
                    ""
                ]
            }
        }

The reason is empty or not prefix and delimiter should be
added to the query param in List operation, such that server
can use the value to validate the policies for the incoming
request.

Refer minio/minio-go#1064

@harshavardhana harshavardhana force-pushed the fix-queries branch 2 times, most recently from d2c226a to a118b2c Compare January 31, 2019 02:03
@krisis
Copy link
Member

krisis commented Feb 1, 2019

@harshavardhana could you check why travis-CI is failing?

@harshavardhana
Copy link
Member Author

@harshavardhana could you check why travis-CI is failing?

PR is ready for review @krisis @sinhaashish

@harshavardhana harshavardhana force-pushed the fix-queries branch 2 times, most recently from aa8e0f6 to 80bfdeb Compare February 28, 2019 02:44
@harshavardhana
Set prefix, delimiter params even when empty
9b7b598 
We have never set values which are empty on the request
because they are perhaps not useful in the List query,
but this assumption is wrong when there are restricted
policies for a given user, because empty is actually
a valid value in IAM or Bucket policy conditions.

For example following condition would never work with our
ListObjects call and AWS cli would work fine.

            "Condition": {
                "StringEquals": {
                    "s3:prefix": [
                        "",
                        "data/",
                        "data"
                    ],
                    "s3:delimiter": [
                        "/",
                        ""
                    ]
                }
            }

The reason is empty or not prefix and delimiter should be
added to the query param in List operation, such that server
can use the value to validate the policies for the incoming
request.

Refer minio/minio-go#1064
sinhaashish
sinhaashish approved these changes Mar 1, 2019
View reviewed changes
Copy link

@sinhaashish sinhaashish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@harshavardhana harshavardhana merged commit 5885aad into minio:master Mar 1, 2019
@harshavardhana harshavardhana deleted the fix-queries branch March 1, 2019 04:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@poornas poornas poornas left review comments

@sinhaashish sinhaashish sinhaashish approved these changes

@krisis krisis krisis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@harshavardhana @krisis @poornas @sinhaashish